CVSS: 9.3EPSS: 26%CPEs: 4EXPL: 2CVE-2008-4771 – D-Link MPEG4 SHM Audio Control - 'VAPGDecoder.dll 1.7.0.5' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-4771
Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly other products, allows remote attackers to execute arbitrary code via a long Url property. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer basado en pila en el control ActiveX VATDecoder.VatCtrl.1 en (1) 4xem VatCtrl Class (VATDecoder.dll v1.0.0.27 y v1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll v1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll v2.0.0.39), y posiblemente otros productos, permite a atacantes remotos ejecutar código de su elección a través de una propiedad de la URL larga. NOTA: algunos de estos detalles han sido obtenidos a partir de la información de terceros. • https://www.exploit-db.com/exploits/5193 http://osvdb.org/42378 http://osvdb.org/43007 http://secunia.com/advisories/29131 http://secunia.com/advisories/29145 http://secunia.com/advisories/29146 http://securityreason.com/securityalert/4517 http://www.securityfocus.com/bid/28010 http://www.vupen.com/english/advisories/2008/0685/references http://www.vupen.com/english/advisories/2008/0686/references http://www.vupen.com/english/advisories/2008/0687/references https://excha • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 1CVE-2008-4133 – D-Link DIR-100 1.12 - Security Bypass
https://notcve.org/view.php?id=CVE-2008-4133
The web proxy service on the D-Link DIR-100 with firmware 1.12 and earlier does not properly filter web requests with large URLs, which allows remote attackers to bypass web restriction filters. El servicio web proxy en el D-Link DIR-100 con firmware 1.12 y anteriores no filtra de manera apropiada las peticiones web con URLs de mucha longitud, permite a atacantes remotos evitar los filtros de restricción web. • https://www.exploit-db.com/exploits/32336 http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0133.html http://secunia.com/advisories/31767 http://securityreason.com/securityalert/4276 http://www.scip.ch/cgi-bin/smss/showadvf.pl?id=3808 http://www.securityfocus.com/archive/1/496072/100/0/threaded http://www.securityfocus.com/bid/31050 http://www.securitytracker.com/id?1020825 https://exchange.xforce.ibmcloud.com/vulnerabilities/44961 • CWE-20: Improper Input Validation •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2008-1253
https://notcve.org/view.php?id=CVE-2008-1253
Cross-site scripting (XSS) vulnerability in cgi-bin/webcm on the D-Link DSL-G604T router allows remote attackers to inject arbitrary web script or HTML via the var:category parameter, as demonstrated by a request for advanced/portforw.htm on the fwan page. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el cgi-bin/webcm del router D-Link DSL-G604T, que permite a atacantes remotos inyectar secuencias de comandos web o html de su elección a través del parámetro var:category como se ha demostrado mediante una petición para advanced/portforw.htm a la página "fwan". • http://secunia.com/advisories/29530 http://www.gnucitizen.org/projects/router-hacking-challenge http://www.securityfocus.com/archive/1/489009/100/0/threaded http://www.securityfocus.com/bid/28439 https://exchange.xforce.ibmcloud.com/vulnerabilities/41117 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2008-1258
https://notcve.org/view.php?id=CVE-2008-1258
Cross-site scripting (XSS) vulnerability in prim.htm on the D-Link DI-604 router allows remote attackers to inject arbitrary web script or HTML via the rf parameter. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en prim.htm del router D-Link DI-604 permite a atacantes remotos inyectar web script o HTML de su elección a través del parámetro rf. • http://secunia.com/advisories/29531 http://www.gnucitizen.org/projects/router-hacking-challenge http://www.securityfocus.com/archive/1/489009/100/0/threaded http://www.securityfocus.com/bid/28439 https://exchange.xforce.ibmcloud.com/vulnerabilities/41122 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 1%CPEs: 4EXPL: 0CVE-2007-3347
https://notcve.org/view.php?id=CVE-2007-3347
The D-Link DPH-540/DPH-541 phone accepts SIP INVITE messages that are not from the Call Server's IP address, which allows remote attackers to engage in arbitrary SIP communication with the phone, as demonstrated by communication with forged caller ID. El teléfono D-Link DPH-540/DPH-541 acepta mensajes SIP INVITE que no provienen de la dirección IP del servidor que llama, lo cual permite a atacantes remotos conectarse en comunicaciones SIP de su elección con el teléfono, como se demuestra con comunicaciones con Identificación de origen suplantada. • http://secunia.com/advisories/25803 http://www.securityfocus.com/bid/24560 http://www.sipera.com/index.php?action=resources%2Cthreat_advisory&tid=219& http://www.vupen.com/english/advisories/2007/2320 https://exchange.xforce.ibmcloud.com/vulnerabilities/35063 •